Sascha Fahl: The impact of code sources on cyber security

RISCS would like to congratulate friend and fellow researcher Sascha Fahl. Every year the US National Security Agency runs a competition for the best scientific cyber security paper. This year, 2017, the winning paper is ‘You Get Where You’re Looking for: The Impact of Information Sources on Code Security’; Fahl, along with Yasemin Acar, Michael Backes, Doowon Kim, Michelle L. Mazurek, and Christian Stransky, is one of the authors.

The paper traces one of the problems facing software developers trying to write secure programs by examining the information sources developers use. In a study involving 54 developers, the authors found that, given the choice, developers tend to prefer to consult websites such as Stack Overflow, where the information provided is highly accessible but often leads to insecurity, as Fahl explained in a talk he gave at a RISCS workshop last year on secure development. Official documentation leads to correct security but is hard to use, and although books are both accurate and functional, few developers choose to use them.
